Description

Firefox user Sijie Xia reported that if a user
explicitly removes the trust for extended validation (EV) capable root
certificates in the certificate manager, the change is not applied when
validating EV certificates, so the setting is ignored. This removes the
ability of users to explicitly untrust root certificates from specific
certificate authorities.

This flaw does not affect certificates that are not extended
validation certificates. All other certificate validation checks do occur; the
error is the assumption that if Mozilla trusted the certificate, the user would
also trust it.
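
The logic error described above, as a simplified model added here for illustration (not Firefox or NSS code). The class and function names and the two sample roots are hypothetical; the flawed EV check consults only the vendor's trust, the corrected one also honours the user's distrust setting, and `ignored_distrust` is the regression check that lists distrusted roots that still validate.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Root:
    name: str
    builtin_trusted: bool  # trust shipped by the vendor (Mozilla, in the advisory)
    ev_capable: bool       # root is enabled for EV treatment

@dataclass
class TrustStore:
    roots: dict
    user_distrusted: set = field(default_factory=set)  # user removed trust

    def effective_trust(self, name):
        root = self.roots.get(name)
        return bool(root and root.builtin_trusted
                    and name not in self.user_distrusted)

def ev_check_flawed(store, root_name, has_ev_policy):
    # Modeled bug: assumes vendor trust implies user trust.
    root = store.roots.get(root_name)
    return bool(root and root.ev_capable and has_ev_policy
                and root.builtin_trusted)

def ev_check_fixed(store, root_name, has_ev_policy):
    # EV status requires the same effective trust as any other validation.
    root = store.roots.get(root_name)
    return bool(root and root.ev_capable and has_ev_policy
                and store.effective_trust(root_name))

def validate(store, root_name, has_ev_policy, ev_check):
    """Return 'EV', 'DV' or 'untrusted' for a chain ending at root_name."""
    if ev_check(store, root_name, has_ev_policy):
        return "EV"
    return "DV" if store.effective_trust(root_name) else "untrusted"

def ignored_distrust(store, ev_check):
    """Roots the user distrusted under which an EV certificate still validates."""
    return sorted(n for n in store.user_distrusted
                  if validate(store, n, True, ev_check) != "untrusted")

def sample_store():
    # Constructed sample data: both roots have had trust removed by the user.
    roots = {r.name: r for r in (
        Root("Example EV Root CA", builtin_trusted=True, ev_capable=True),
        Root("Example DV Root CA", builtin_trusted=True, ev_capable=False),
    )}
    return TrustStore(roots, user_distrusted=set(roots))

if __name__ == "__main__":
    store = sample_store()
    print("flawed:", ignored_distrust(store, ev_check_flawed))
    print("fixed: ", ignored_distrust(store, ev_check_fixed))
```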